(lp0
ccopy_reg
_reconstructor
p1
(c__main__
Hit
p2
c__builtin__
object
p3
Ntp4
Rp5
(dp6
S'category'
p7
S'buffer'
p8
sS'end'
p9
I692
sS'name'
p10
S'gets'
p11
sS'parameters'
p12
(lp13
S''
p14
aS'f'
p15
asS'level'
p16
I5
sS'url'
p17
g14
sS'column'
p18
I2
sS'context_text'
p19
S' gets(f);'
p20
sS'hook'
p21
c__main__
normal
p22
sS'warning'
p23
S'Does not check for buffer overflows (CWE-120, CWE-20)'
p24
sS'suggestion'
p25
S'Use fgets() instead'
p26
sS'input'
p27
I1
sS'line'
p28
I32
sS'filename'
p29
S'test.c'
p30
sS'start'
p31
I688
sbag1
(g2
g3
Ntp32
Rp33
(dp34
g7
g8
sg9
I1264
sg10
S'strncat'
p35
sg12
(lp36
g14
aS'd'
p37
aS's'
p38
aS'sizeof(d)'
p39
asg16
I5
sg17
g14
sg18
I3
sg19
S'  strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */'
p40
sS'note'
p41
S'Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.'
p42
sg21
c__main__
c_strncat
p43
sg23
S'Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)'
p44
sg25
S'Consider strcat_s, strlcat, snprintf, or automatically resizing strings'
p45
sg28
I56
sg29
g30
sg31
I1257
sbag1
(g2
g3
Ntp46
Rp47
(dp48
g7
g8
sg9
I1341
sg10
S'_tcsncat'
p49
sg12
(lp50
g14
aS'd'
p51
aS's'
p52
aS'sizeof(d)'
p53
asg16
I5
sg17
g14
sg18
I3
sg19
S'  _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */'
p54
sg41
S'Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.'
p55
sg21
g43
sg23
g44
sg25
S'Consider strcat_s, strlcat, or automatically resizing strings'
p56
sg28
I57
sg29
g30
sg31
I1333
sbag1
(g2
g3
Ntp57
Rp58
(dp59
g7
g8
sg9
I1482
sg10
S'MultiByteToWideChar'
p60
sg12
(lp61
g14
aS'CP_ACP'
p62
aS'0'
p63
aS'szName'
p64
aS'-1'
p65
aS'wszUserName'
p66
aS'sizeof(wszUserName)'
p67
asg16
I5
sg17
g14
sg18
I3
sg19
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));'
p68
sg41
S'Risk is high, it appears that the size is given as bytes, but the function requires size as characters.'
p69
sg21
c__main__
c_multi_byte_to_wide_char
p70
sg23
S'Requires maximum length in CHARACTERS, not bytes (CWE-120)'
p71
sg25
g14
sg28
I60
sg29
g30
sg31
I1463
sbag1
(g2
g3
Ntp72
Rp73
(dp74
g7
g8
sg9
I1617
sg10
S'MultiByteToWideChar'
p75
sg12
(lp76
g14
aS'CP_ACP'
p77
aS'0'
p78
aS'szName'
p79
aS'-1'
p80
aS'wszUserName'
p81
aS'sizeof wszUserName'
p82
asg16
I5
sg17
g14
sg18
I3
sg19
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);'
p83
sg41
S'Risk is high, it appears that the size is given as bytes, but the function requires size as characters.'
p84
sg21
g70
sg23
g71
sg25
g14
sg28
I62
sg29
g30
sg31
I1598
sbag1
(g2
g3
Ntp85
Rp86
(dp87
g7
S'misc'
p88
sg9
I2335
sg10
S'SetSecurityDescriptorDacl'
p89
sg12
(lp90
g14
aS'&sd'
p91
aS'TRUE'
p92
aS'NULL'
p93
aS'FALSE'
p94
asg16
I5
sg17
g14
sg18
I3
sg31
I2310
sg19
S'  SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);'
p95
sg21
c__main__
c_hit_if_null
p96
sg23
S'Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)'
p97
sg25
g14
sg28
I73
sg29
g30
sS'check_for_null'
p98
I3
sbag86
a.